Comprehensive Security Management Plan

Only available on StudyMode
  • Published : April 24, 2013
Colorado Technical University

Comprehensive Security Management Plan
for
Colorado History

Individual Project 5

By
Roy A. Kelly II
Colorado Springs, Colorado
December 22, 2012

Table of Contents
Project Outline
Security Requirements
Organizational Chart (Colorado Historical Society, 2012)
Proposed Security Working Group
Security Business Requirements
Capability Maturity Model Integration (CMMI)
Capability Levels
Base Practices
Procedures to review
Security Policy
Why We Need Security Policies
Security Policy Table
System Design Principles
Open Design
Securing the Weakest Link
Defense in Depth
Failing Securely
Least Privilege
Separation of Privilege
Economy of Mechanism
How Security Principles Relate to Us
The Training Module
User Roles
Executive Management
Mid-level Management
Museum Staff
Museum Volunteers
IT and Security
Courses
Introduction to Information Security
Information Security for Executives
Computer and Network Security Awareness
Cloud Security Fundamentals
Social Engineering
Email, Instant Messaging, and Browsing
Training Matrix
Measuring Impact
References

Project Outline
Repurposed: This task contains portions of material that were originally submitted during the Summer 1, 2012 session in CS631 OLA1 with Shawn Murray.

History Colorado is headquartered in Denver, with other offices in Denver, Montrose, and Pueblo, and five museums scattered around the state. Each office has 6 to 10 computers and each museum has 1 to 5 computers that connect to the headquarters over a leased line to make a WAN spanning the entire state. The webserver is in the headquarters and is in a DMZ that is separate from the rest of the network. Guest lecturers and other historians who may work temporarily in our offices may have different operating systems, so we also need to plan for this eventuality (Murray, 2012).

IT support and security are provided by the Colorado State IT department; independent contractors provide disability support. History Colorado has a sub-domain (to the state) server in Denver with secondary login servers in each office. The domain server runs Windows Server 2008 R2 with Symantec Protection Suite Enterprise Edition, and all traffic goes through it. All offices are running Windows 7 with Office 2010, and all other servers are virtualized, running Windows Server 2008 R2. When we surveyed our user base about which operating systems our guest speakers and historians use most often, the vast majority had Windows systems, but some had Linux or PC-BSD.

We need to protect not only the invaluable artifacts and buildings from physical damage, but also the many digitized documents, recorded interviews, employee and volunteer records, web servers, and email that can be accessed over the internet if they are not secured properly. Creating, implementing, and updating a security policy and implementing a security plan will help us to have that security and protect our irreplaceable assets. (End Repurposed Work)

Security Requirements

Organizational Chart (Colorado Historical Society, 2012)

Proposed Security Working Group

Normally a working group (WG) is created for a specific, short-term task. The Security Working Group (SWG) is a permanent WG composed of members from all departments, including the State legal department, the State IT Security team, and both Security and IT, to facilitate the sharing of observations, concerns, and ideas that lead to creativity and planning. The SWG shown above has a dotted-line relationship to the organizational chart shown before. With members from all departments and almost instant feedback, we can expect reduced costs, increased understanding of organizational risks, increased collaboration between departments, improved performance, and less duplication of effort....